custom-content-type-manager

Reviews

And even if it gets fixed, I recommend staying away from anything this author writes in the way of code…malicious once, malicious definitely will be again…no doubt. You can’t change a person’s character or integrity…it requires people to stand for something even when it’s against self best-interest…and if someone does something like this once, more than the incident itself, it is a revelation of that person’s character, so the chances are very great that they will do it again, maybe not today, this week, or even this year…but they will. It’s what they value in the world…taking advantage of people. Proving they are smarter…vanity, greed, power; …or whatever the reason they have corrupt values, that’s in fact what they have. And if he comes up with an excuse, …you don’t write malicious code and get it accepted by WordPress on ‘accident’.

The fine people at Wordfence have warned that a backdoor was added to the Custom Content Type Manager plugin by a malicious coder who gained access to the plugin code in the official WordPress plugin repository.

According to Wordfence, it’s unclear whether the plugin author’s credentials were stolen or whether the malicious actor was granted access.

The WordPress security team removed the malicious user account that added the backdoor to the plugin. They have also removed all malicious code that was added to the plugin and updated the version number so that users running this plugin will be prompted to upgrade.

“Custom Content Type Manager version 0.9.8.8 contains malicious code

As Sucuri’s investigation revealed, in the past two weeks, the plugin, which looked like an abandoned project for the last 10 months, mysteriously changed owner, and immediately after, the new developer, named wooranker, updated the plugin and pushed out a new version.

All the changes he made to the plugin were of a nefarious nature. First, there was the addition of the auto-update.php file, which included the ability to download files from a remote server on the infected website.

Additionally, wooranker also added the CCTM_Communicator.php file, which worked together with another, older, legitimate plugin file. The purpose of these two files was to ping wooranker’s server about the presence of a newly infected site.

Besides gathering info on the victim’s site, this plugin also tapped into the WordPress login process and recorded usernames and the password, albeit in encrypted format, sending the data to the wordpresscore.com server.”
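A site owner can check an install for the indicators named above (version 0.9.8.8, the two added file names, and references to wordpresscore.com). The following is an added example, not code from Wordfence, Sucuri or the plugin; the `index.php` file name, the `includes/` folder and the sample tree it builds are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Indicators named in the text above
PLUGIN_SLUG = "custom-content-type-manager"
BAD_VERSION = "0.9.8.8"
ADDED_FILES = {"auto-update.php", "cctm_communicator.php"}  # compared lower-cased
REMOTE_HOST = "wordpresscore.com"
# Simplified form of the "Version:" line in a WordPress plugin header comment
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def check_plugin(plugins_dir):
    """Return (indicator, relative_path) findings for the plugin under plugins_dir."""
    root = Path(plugins_dir) / PLUGIN_SLUG
    findings = []
    if not root.is_dir():
        return findings
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.name.lower() in ADDED_FILES:
            findings.append(("added-file", rel))
        if REMOTE_HOST in text.lower():
            findings.append(("host-reference", rel))
        # The plugin header sits near the top of a file in the plugin's root folder
        if path.parent == root:
            m = VERSION_RE.search(text[:8192])
            if m and m.group(1) == BAD_VERSION:
                findings.append(("flagged-version", rel))
    return findings

def make_constructed_sample(base, version, with_added_files):
    """Write a constructed, inert plugin tree (placeholder files only)."""
    root = Path(base) / PLUGIN_SLUG
    (root / "includes").mkdir(parents=True)
    # index.php and includes/ are assumptions made for this sample
    (root / "index.php").write_text(f"<?php\n/*\n * Version: {version}\n */\n")
    if with_added_files:
        (root / "auto-update.php").write_text("<?php // placeholder\n")
        (root / "includes" / "CCTM_Communicator.php").write_text(
            f"<?php // placeholder mentioning {REMOTE_HOST}\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in check_plugin(make_constructed_sample(tmp, BAD_VERSION, True)):
            print(*finding)
```

Point `check_plugin` at a real `wp-content/plugins` directory to use it; an empty result only means none of these specific indicators were found.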